Journal of Hardware and Systems Security

, Volume 2, Issue 2, pp 111–130 | Cite as

Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation

  • Bilgiday YuceEmail author
  • Patrick Schaumont
  • Marc Witteman


Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control flow or data flow integrity of software. The modified program execution is then analyzed and used as a source of information leakage, or as a mechanism for privilege escalation. Due to the increasing complexity of modern embedded systems, and due to the difficulty of guaranteeing correct hardware execution even under a weak adversary, fault attacks are a growing threat. For example, the assumption that an adversary has to be close to the physical execution of software, in order to inject an exploitable fault into hardware, has repeatedly been shown to be incorrect. This article is a review on hardware-based fault attacks on software, with emphasis on the context of embedded systems. We present a detailed discussion of the anatomy of a fault attack, and we make a review of fault attack evaluation techniques. The paper emphasizes the perspective from the attacker, rather than the perspective of countermeasure development. However, we emphasize that improvements to countermeasures often build on insight into the attacks.


Fault attacks Secure embedded software Embedded systems 



The authors would like to thank Dennis Vermoen from Riscure Security Lab for his help and support.

Funding Information

During this work, the first author was supported in part through the National Science Foundation Grant 1441710 and 1314598, and in part through the Semiconductor Research Corporation.


  1. 1.
    Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown, arXiv:1801.01207
  2. 2.
    Kocher P, Genkin D, Gruss D, Haas W, Hamburg M, Lipp M, Mangard S, Prescher T, Schwarz M, Yarom Y (2018) Spectre attacks: exploiting speculative execution, arXiv:1801.01203
  3. 3.
    Piessens F, Verbauwhede I (2016) Software security: vulnerabilities and countermeasures for two attacker models. In: Design Automation &, test in Europe conference & exhibition (DATE), pp 990–999Google Scholar
  4. 4.
    Witteman M, Oostdijk M (2008) Secure application programming in the presence of side channel attacks. In: RSA Conference, vol 2008Google Scholar
  5. 5.
    Yuce B, Ghalaty NF, Deshpande C, Patrick C, Nazhandali L, Schaumont P (2016) FAME: fault-attack aware microprocessor extensions for hardware fault detection and software fault response. In: Hardware and Architectural Support for Security and Privacy (HASP). ACM, p 8Google Scholar
  6. 6.
    Barenghi A, Breveglieri L, Koren I, Naccache D (2012) Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc IEEE 100(11):3056–3076CrossRefGoogle Scholar
  7. 7.
    Joye M, Tunstall M (eds) (2012) Fault analysis in cryptography, ser. Information security and cryptography. Springer, BerlinGoogle Scholar
  8. 8.
    Galathy NF, Yuce B, Schaumont P (2017) A systematic approach to fault attack resistant design. In: Fundamentals of IP and SoC security, pp 223–245. SpringerGoogle Scholar
  9. 9.
    Moro N, Dehbaoui A, Heydemann K, Robisson B, Encrenaz E (2013) Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In: 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC), pp 77–88. IEEEGoogle Scholar
  10. 10.
    Courbon F, Loubet-Moundi P, Fournier JJ, Tria A (2014) Adjusting laser injections for fully controlled faults. In: International Workshop on constructive side-channel analysis and secure design, pp 229–242. SpringerGoogle Scholar
  11. 11.
    Yuce B, Ghalaty NF, Schaumont P (2015) Improving fault attacks on embedded software using risc pipeline characterization. In: Proc. of FDTC’15, pp 97–108Google Scholar
  12. 12.
    Li Y, Sakiyama K, Gomisawa S, Fukunaga T, Takahashi J, Ohta K (2010) Fault sensitivity analysis. In: Proc. of CHES’10, pp 320–334Google Scholar
  13. 13.
    Bhattacharya S, Mukhopadhyay D (2017) Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers. J Cryptogr Eng 7(4):299–310CrossRefGoogle Scholar
  14. 14.
    Bar-El H, Choukri H, Naccache D, Tunstall M, Whelan C (2006) The sorcerer’s apprentice guide to fault attacks. Proc IEEE 94(2):370–382CrossRefGoogle Scholar
  15. 15.
    Guilley S, Sauvage L, Danger J-L, Selmane N, Pacalet R (2008) Silicon-level solutions to counteract passive and active attacks. In: 5th Workshop on fault diagnosis and tolerance in cryptography, 2008. FDTC’08. IEEE, pp 3–17Google Scholar
  16. 16.
    Zussa L, Dutertre J-M, Clédiere J, Robisson B, Tria A et al (2012) Investigation of timing constraints violation as a fault injection means. In: 27th Conference on design of circuits and integrated systems (DCIS). AvignonGoogle Scholar
  17. 17.
    Korak T, Hoefler M (2014) On the effects of clock and power supply tampering on two microcontroller platforms. In: Proc. of FDTC’14, pp 8–17Google Scholar
  18. 18.
    Riscure Inspector FI, Online; Accessed 18 May 2017
  19. 19.
    O’Flynn C, Chen ZD (2014) ChipWhisperer: an open-source platform for hardware embedded security research. In: Constructive side-channel analysis and secure design. Springer, pp 243–260Google Scholar
  20. 20.
    Barenghi A, Bertoni G, Parrinello E, Pelosi G (2009) Low voltage fault attacks on the RSA Cryptosystem. In: 2009 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 23–31Google Scholar
  21. 21.
    Timmers N, Spruyt A, Witteman M (2016) Controlling PC on ARM using fault injection. In: Fault diagnosis and tolerance in cryptography (FDTC), pp 25–35Google Scholar
  22. 22.
    Hutter M, Schmidt J-M (2013) The temperature side channel and heating fault attacks. In: International conference on smart card research and advanced applications. Springer, pp 219–235Google Scholar
  23. 23.
    Skorobogatov S (2009) Local heating attacks on flash memory devices. In: IEEE International workshop on hardware-oriented security and trust. 2009. HOST’09. IEEE, pp 1–6Google Scholar
  24. 24.
    Govindavajhala S, Appel AW (2003) Using memory errors to attack a virtual machine. In: 2003 Symposium on security and privacy, 2003. Proceedings. IEEE, pp 154–165Google Scholar
  25. 25.
    Korak T, Hutter M, Ege B, Batina L (2014) Clock glitch attacks in the presence of heating. In: 2014 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 104–114Google Scholar
  26. 26.
    Skorobogatov S, Anderson RJ (2002) Optical fault induction attacks. In: Revised Papers from the 4th international workshop on cryptographic hardware and embedded systems. Springer-Verlag, pp 2–12Google Scholar
  27. 27.
    Schmidt J-M, Hutter M Optical and EM fault-attacks on CRT-based RSA: concrete resultsGoogle Scholar
  28. 28.
    Van Woudenberg JG, Witteman MF, Menarini F (2011) Practical optical fault injection on secure microcontrollers. In: 2011 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 91–99Google Scholar
  29. 29.
    Maistri P, Leveugle R, Bossuet L, Aubert A, Fischer V, Robisson B, Moro N, Maurine P, Dutertre J-M, Lisart M (2014) Electromagnetic analysis and fault injection onto secure circuits. In: 2014 22nd International conference on very large scale integration (VLSI-SoC). IEEE, pp 1–6Google Scholar
  30. 30.
    Moro N, Dehbaoui A, Heydemann K, Robisson B, Encrenaz E (2014) Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller, CoRR, vol. abs/1402.6421. [Online]. Available: arXiv:1402.6421
  31. 31.
    Velegalati R, Van Spyk R, van Woudenberg J (2013) Electro magnetic fault injection in practice. In: International Cryptographic module conference (ICMC)Google Scholar
  32. 32.
    Tang A, Sethumadhavan S, Stolfo S (2017) CLKSCREW: exposing the perils of security-oblivious energy management. In: 26th USENIX security symposium (USENIX Security 17). Vancouver, BC: USENIX Association, pp 1057–1074. [Online]. Available:
  33. 33.
    Cai Y, Ghose S, Luo Y, Mai K, Mutlu O, Haratsch EF (2017) Vulnerabilities in MLC NAND flash memory programming: experimental analysis, exploits, and mitigation techniques. In: 2017 IEEE International symposium on high performance computer architecture (HPCA). IEEE, pp 49–60Google Scholar
  34. 34.
    Kim Y, Daly R, Kim J, Fallin C, Lee JH, Lee D, Wilkerson C, Lai K, Mutlu O (2014) Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. In: ACM SIGARCH Computer architecture news, vol 42, no 3. IEEE Press, pp 361–372Google Scholar
  35. 35.
    Gruss D, Maurice C, Mangard S (2016) Rowhammer. js: a remote software-induced fault attack in javascript. In: Detection of intrusions and malware, and vulnerability assessment. Springer, pp 300–321Google Scholar
  36. 36.
    van der Veen V, Fratantonio Y, Lindorfer M, Gruss D, Maurice C, Vigna G, Bos H, Razavi K, Giuffrida C (2016) Drammer: deterministic rowhammer attacks on mobile platforms. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, pp 1675–1689Google Scholar
  37. 37.
    Razavi K, Gras B, Bosman E, Preneel B, Giuffrida C, Bos H (2016) Flip feng shui: hammering a needle in the software stack. In: USENIX Security symposium, pp 1–18Google Scholar
  38. 38.
    Kurmus A, Ioannou N, Papandreou N, Parnell T (2017) From random block corruption to privilege escalation: a filesystem attack vector for rowhammer-like attacks. In: USENIX Workshop on offensive technologies (WOOT)Google Scholar
  39. 39.
    Karaklajic D, Schmidt J, Verbauwhede I (2013) Hardware designer’s guide to fault attacks. IEEE Trans VLSI Syst 21(12):2295–2306CrossRefGoogle Scholar
  40. 40.
    Otto M (2005) Fault attacks and countermeasures. Ph.D. dissertation, University of PaderbornGoogle Scholar
  41. 41.
    Anceau S, Bleuet P, Clėdiėre J, Maingault L, Rainard J, Tucoulou R (2017) Nanofocused x-ray beam to reprogram secure circuits. In: Cryptographic hardware and embedded systems (CHES), pp 175–188Google Scholar
  42. 42.
    Barbu G, Thiebeauld H, Guerin V (2010) Attacks on java card 3.0 combining fault and logical attacks. Smart Card Research Adv Appl, 148–163Google Scholar
  43. 43.
    Dehbaoui A, Mirbaha A-P, Moro N, Dutertre J-M, Tria A (2013) Electromagnetic glitch on the AES round counter. In: International Workshop on constructive side-channel analysis and secure design. Springer, pp 17–31Google Scholar
  44. 44.
    Riviere L, Najm Z, Rauzy P, Danger J-L, Bringer J, Sauvage L (2015) High precision fault injections on the instruction cache of ARmV7-m architectures. In: 2015 IEEE International symposium on hardware oriented security and trust (HOST). IEEE, pp 62–67Google Scholar
  45. 45.
    Nashimoto S, Homma N, Hayashi Y-i, Takahashi J, Fuji H, Aoki T (2017) Buffer overflow attack with multiple fault injection and a proven countermeasure. J Cryptogr Eng 7(1):35–46CrossRefGoogle Scholar
  46. 46.
    Balasch J, Gierlichs B, Verbauwhede I (2011) An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: Workshop on fault diagnosis and tolerance in cryptography (FDTC 2011), pp 105–114. [Online]. Available:
  47. 47.
    Vétillard E, Ferrari A (2010) Combined attacks and countermeasures. In: International conference on smart card research and advanced applications. Springer, pp 133–147Google Scholar
  48. 48.
    Potet M-L, Mounier L, Puys M, Dureuil L (2014) Lazart: a symbolic approach for evaluation the robustness of secured codes against control flow injections. In 2014 IEEE Seventh International conference on software testing, verification and validation (ICST). IEEE, pp 213–222Google Scholar
  49. 49.
    Choukri H, Tunstall M (2005) Round reduction using faults. FDTC 5:13–24Google Scholar
  50. 50.
    Dutertre J-M, Mirbaha A-P, Naccache D, Ribotta A-L, Tria A, Vaschalde T (2012) Fault round modification analysis of the advanced encryption standard. In: 2012 IEEE International symposium on hardware-oriented security and trust (HOST). IEEE, pp 140–145Google Scholar
  51. 51.
    Biham E, Shamir A (1997) Differential fault analysis of secret key cryptosystems. In: Advances in cryptology—CRYPTO’97. Springer, pp 513–525Google Scholar
  52. 52.
    Hoch JJ, Shamir A (2004) Fault analysis of stream ciphers. In: International Workshop on cryptographic hardware and embedded systems. Springer, pp 240–253Google Scholar
  53. 53.
    Biehl I, Meyer B, Müller V (2000) Differential fault attacks on elliptic curve cryptosystems. In: Annual International cryptology conference. Springer, pp 131–146Google Scholar
  54. 54.
    Taha M, Eisenbarth T (2015) Implementation attacks on post-quantum cryptographic schemes, Cryptology ePrint Archive, Report 2015/1083.
  55. 55.
    Giraud C (2004) DFA on AES. In: International conference on advanced encryption standard. Springer, pp 27–41Google Scholar
  56. 56.
    Ferretti C, Mella S, Melzani F (2014) The role of the fault model in DFA against AES. In: Proceedings of the workshop on hardware and architectural support for security and privacy (HASP). ACM, p 4Google Scholar
  57. 57.
    Sakiyama K, Li Y, Iwamoto M, Ohta K (2012) Information-theoretic approach to optimal differential fault analysis. IEEE Trans Inf Forens Secur 7(1):109–120CrossRefGoogle Scholar
  58. 58.
    Ali SS, Mukhopadhyay D, Tunstall M (2013) Differential fault analysis of AES: towards reaching its limits. J Cryptogr Eng 3(2):73–97CrossRefGoogle Scholar
  59. 59.
    Ghalaty NF, Yuce B, Taha M, Schaumont P (2014) Differential fault intensity analysis. In: 2014 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 49–58Google Scholar
  60. 60.
    Li Y, Ohta K, Sakiyama K (2012) New fault-based side-channel attack using fault sensitivity. IEEE Trans Inf Forens Secur 7(1):88–97CrossRefGoogle Scholar
  61. 61.
    Liu Y, Zhang J, Wei L, Yuan F, Xu Q (2015) Dera: yet another differential fault attack on cryptographic devices based on error rate analysis. In: Design Automation conference (DAC). ACM, p 31Google Scholar
  62. 62.
    Fuhr T, Jaulmes E, Lomné V, Thillard A (2013) Fault attacks on AES with faulty ciphertexts only. In: 2013 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 108–118Google Scholar
  63. 63.
    Järvinen K, Blondeau C, Page D, Tunstall M (2012) Harnessing biased faults in attacks on ECC-based signature schemes. In: 2012 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 72–82Google Scholar
  64. 64.
    Joye M, Jean-Jacques Q, Sung-Ming Y, Yung M (2002) Observability analysis-detecting when improved cryptosystems fail. In: Cryptographers’ track at the RSA conference. Springer, pp 17–29Google Scholar
  65. 65.
    Yen S-M, Joye M (2000) Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans Comput 49(9):967–970CrossRefzbMATHGoogle Scholar
  66. 66.
    Karaklajic D, Fan J, Verbauwhede I (2012) A systematic M safe-error detection in hardware implementations of cryptographic algorithms. In: 2012 IEEE International Symposium on hardware-oriented security and trust (HOST), pp 96–101Google Scholar
  67. 67.
    Blömer J, Seifert J-P (2003) Fault based cryptanalysis of the advanced encryption standard (AES). In: Computer Aided verification. Springer, pp 162–181Google Scholar
  68. 68.
    Boneh D, DeMillo RA, Lipton RJ (1997) On the importance of checking cryptographic protocols for faults. In: International Conference on the theory and applications of cryptographic techniques. Springer, pp 37–51Google Scholar
  69. 69.
    Ciet M, Joye M (2005) Elliptic curve cryptosystems in the presence of permanent and transient faults. Des Codes Cryptograph 36(1):33–43MathSciNetCrossRefzbMATHGoogle Scholar
  70. 70.
    Fouque P-A, Lercier R, Réal D, Valette F (2008) Fault attack on elliptic curve montgomery ladder implementation. In: 5th Workshop on Fault diagnosis and tolerance in cryptography. 2008. FDTC’08. IEEE, pp 92–98Google Scholar
  71. 71.
    Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology—CRYPTO’99. Springer, pp 789–789Google Scholar
  72. 72.
    Fan J, Guo X, De Mulder E, Schaumont P, Preneel B, Verbauwhede I (2010) State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures. In: 2010 IEEE International Symposium on hardware-oriented security and trust (HOST). IEEE, pp 76–87Google Scholar
  73. 73.
    Oswald D (2013) Implementation attacks: from theory to practice, Ph.D dissertationGoogle Scholar
  74. 74.
    Spreitzer R, Moonsamy V, Korak T, Mangard S (2017) Systematic classification of side-channel attacks: a case study for mobile devices. IEEE Communications Surveys & TutorialsGoogle Scholar
  75. 75.
    Tillich S, Herbst C (2008) Attacking state-of-the-art software countermeasures—a case study for AES. Lect Notes Comput Sci 5154:228–243CrossRefGoogle Scholar
  76. 76.
    Rivain M, Prouff E (2010) Provably secure higher-order masking of AES. Cryptograph Hardware Embedded Syst CHES 2010:413–427zbMATHGoogle Scholar
  77. 77.
    Grosso V, Standaert F-X, Faust S (2014) Masking vs. multiparty computation: how large is the gap for AES? J Cryptogr Eng 4(1):47–57CrossRefGoogle Scholar
  78. 78.
    Chevallier-Mames B, Ciet M, Joye M (2004) Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Trans Comput 53(6):760–768CrossRefzbMATHGoogle Scholar
  79. 79.
    Skorobogatov S (2006) Optically enhanced position-locked power analysis. Cryptograph Hardware Embedded Syst-CHES 2006:61–75Google Scholar
  80. 80.
    Amiel F, Villegas K, Feix B, Marcel L (2007) Passive and active combined attacks: combining fault attacks and side channel analysis. In: Workshop on Fault diagnosis and tolerance in cryptography, 2007. FDTC 2007. IEEE, pp 92–102Google Scholar
  81. 81.
    Clavier C, Feix B, Gagnerot G, Roussellet M (2010) Passive and active combined attacks on AES combining fault attacks and side channel analysis. In: 2010 Workshop on fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 10–19Google Scholar
  82. 82.
    Roche T, Lomné V, Khalfallah K (2011) Combined fault and side-channel attack on protected implementations of AES. Smart Card Res Adv Appl, 65–83Google Scholar
  83. 83.
    Dassance F, Venelli A (2012) Combined fault and side-channel attacks on the AES key schedule. In: 2012 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 63–71Google Scholar
  84. 84.
    Schmidt J-M, Tunstall M, Avanzi RM, Kizhvatov I, Kasper T, Oswald D (2010) Combined implementation attack resistant exponentiation. LATINCRYPT 6212:305–322zbMATHGoogle Scholar
  85. 85.
    Yao Y, Yang M, Patrick C, Yuce B, Schaumont P (2018) Fault-assisted side-channel analysis of masked implementations (to appear). In IEEE International Symposium on hardware oriented security and trust (HOST), 2018. IEEE, pp 72–77Google Scholar
  86. 86.
    Durumeric Z, Kasten J, Adrian D, Halderman JA, Bailey M, Li F, Weaver N, Amann J, Beekman J, Payer M, Paxson V (2014) The matter of heartbleed. In: Internet Measurement conference (IMC), pp 475–488Google Scholar
  87. 87.
    Obermaier J, Tatschner S (2017) Shedding too much light on a microcontroller’s firmware protection. In: USENIX Workshop on offensive technologies (WOOT)Google Scholar
  88. 88.
    Scott ME Glitchy descriptor firmware grab,, Online; Accessed 14 Nov 2017
  89. 89.
    Bouffard G, Iguchi-Cartigny J, Lanet J-L (2011) Combined software and hardware attacks on the java card control flow. In CARDIS, vol 7079. Springer, pp 283–296Google Scholar
  90. 90.
    Vasselle A, Thiebeauld H, Maouhoub Q, Morisset A, Ermeneux S (2017) Laser-induced fault injection on smartphone bypassing the secure boot. In: 2017 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 41–48Google Scholar
  91. 91.
    Timmers N, Mune C (2017) Escalating privileges in Linux using voltage fault injection. In: Fault Diagnosis and tolerance in cryptography (FDTC), pp 25–35Google Scholar
  92. 92.
    Seaborn M, Dullien T (2015) Exploiting the dram rowhammer bug to gain kernel privileges. Black HatGoogle Scholar
  93. 93.
    San Pedro M, Soos M, Guilley S (2011) Fire: fault injection for reverse engineering. In: WISTP. Springer, pp 280–293Google Scholar
  94. 94.
    Le Bouder H, Guilley S, Robisson B, Tria A (2014) Fault injection to reverse engineer DES-like cryptosystems. In: Foundations and practice of security. Springer, pp 105–121Google Scholar
  95. 95.
    Clavier C, Wurcker A (2013) Reverse engineering of a secret AES-like cipher by ineffective fault analysis. In: 2013 Workshop on Fault diagnosis and tolerance in cryptography (FDTC). IEEE, pp 119–128Google Scholar
  96. 96.
    Jacob M, Boneh D, Felten E (2002) Attacking an obfuscated cipher by injecting faults. In: Digital Rights management workshop, vol 2696, pp 16–31Google Scholar
  97. 97.
    Courbon F, Fournier JJ, Loubet-Moundi P, Tria A (2015) Combining image processing and laser fault injections for characterizing a hardware AES. IEEE Trans Comput-aided Des Integr Circ Syst 34(6):928–936CrossRefGoogle Scholar
  98. 98.
    Common Criteria Community, Online Sccessed 18 Jan 2018
  99. 99.
    United States Government Accountability Office, Information assurance, national partnership offers benefits, but faces considerable challenges, Technical Report GAO-06-392, 2006.
  100. 100.
    EMVCo Product Approval Processes, Online Accessed 18 Jan 2018
  101. 101.
    National Institute of Standards and Technology (NIST), Security requirements for cryptographic modules, FIPS PUB 140-2, 2001.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.The Bradley Department of Electrical and Computer EngineeringVirginia TechBlacksburgUSA
  2. 2.Riscure – Security LabDelftNetherlands

Personalised recommendations